Web application security - Course overview
Satish b
Web Application penetration testing course content.
1.
Web Application Security
Course Overview
Satish.B
Email: satishb3@securitylearn.net

2.
Course Content

History of web application
Introduction to web application architecture
Uniform Resource Locator (URL)

HTTP
- HTTP Introduction
- HTTP Methods
- WEBDAV methods
- Request/Response analysis
- Security problems with HTTP

HTTPS
- Handshake protocol
- Record protocol

Proxy
- Man in the middle attack
- Tools: Burp proxy, Paros proxy, WebScarab

Encoding Techniques
- URL Encoding
- HTML Encoding
- Unicode Encoding
- Tools: Burp decoder

Profiling Application
- Spiders, crawlers
- Search engine discovery
- Banner Grabbing
- Robots.txt
- Analysis of error codes
- Tools: HttpPrint, Netcraft

Attacking Authentication
- Authentication Types
- Brute force attacks
- Analyzing Auto complete options
- Insecure credential transmission
- Session puzzle attacks
- Authentication bypass techniques
- Shoulder surfing

http://www.securitylearn.net

3.
Attacking Authentication (continued)
- CAPTCHA Rebinding attacks
- Countermeasures
- Tools: Bruter, Burp Repeater, Burp Intruder

Attacking Authorization
- Authorization types
- Parameter tampering
- Horizontal privilege escalation
- Vertical privilege escalation
- Referrer spoofing

Cryptography weakness
- Symmetric cryptography
- Asymmetric cryptography
- Substitution cipher
- Stream cipher
- Block cipher
- Steganography
- SSL cipher testing
- Cracking hashes
- Padding oracle attack
- Cracking ECB encryption
- Tools: SSLDigger, MD5 crack

Attacking Session management
- Introduction
- Secure flag
- HTTPOnly flag
- Cookie Domain & Path
- Session Token analysis
- Session fixation
- Cookie transmission mechanisms
- Tools: Burp sequencer
- Timeout issues

Cross site scripting attacks
- Same origin policy
- Reflective XSS
- Stored XSS
- DOM based XSS
- Anatomy of XSS
- Exploitation
- Impact of XSS
- XSS Shell

4.
Cross site scripting attacks (continued)
- XSS & Metasploit
- Black list/White list
- Input validation
- Output encoding
- Remediation
- Tools: BeEF

SQL injection
- Error based SQLi
- Blind SQLi
- SQLi exploitation
- Data extraction with UNION queries
- Data extraction with inference techniques
- Command execution with SQLi
- Impact of SQLi
- Remediation
- Stored procedures vs. Parameterized queries
- Tools: SQLMap, Absinthe

Cross site request forgery
- Anatomy of CSRF
- Remediation
- CAPTCHA Rebinding attack
- Tool: CSRFTester

URL Redirection attacks
- Phishing attacks
- Remediation

HTTP Response splitting
- Cache positioning
- Command execution

Input validation attacks
- File Uploads
- Path traversal attacks
- Local file inclusions
- Remote file inclusions
- Command Execution
- Remediation Techniques

Server Configuration issues
- WEBDAV methods
- Caching vulnerabilities
- Directory listing

5.
Attacking Web Server
- Denial of service attacks
- Buffer overflows
- Remediation

OWASP Top10 web application risks

Scanners
- Usage of tools
- Pros, Cons & Problems with scanners
- IBM - AppScan
- HP - WebInspect

Risk Assessment
- OWASP Risk Rating methodology

Pentest Reports
- Executive reports
- Detailed reports

Web Application Security Checklist

Contact
Satish B
Email: satishb3@securitylearn.net, satishb3@hotmail.com